From: Al Viro <viro@zeniv.linux.org.uk>
To: Andreas Gruenbacher <agruenba@redhat.com>
Cc: gfs2@lists.linux.dev
Subject: Re: [PATCH 0/9] gfs2: Bugs in "Use GL_NOBLOCK flag for non-blocking lookups"
Date: Fri, 2 Feb 2024 04:23:12 +0000	[thread overview]
Message-ID: <20240202042312.GY2087318@ZenIV> (raw)
In-Reply-To: <20240119212056.805617-1-agruenba@redhat.com>

On Fri, Jan 19, 2024 at 10:20:47PM +0100, Andreas Gruenbacher wrote:
> Hello,
> 
> Al Viro has reported issues with commit dd00aaeb3432 ("gfs2: Use
> GL_NOBLOCK flag for non-blocking lookups"):
> 
> * First, parent can now be NULL and dereferencing it in
>   gfs2_dir_check(d_inode(parent), &dentry->d_name, ip) isn't going to
>   work;
> 
> * Second, gfs2_dir_check() can still sleep, which breaks LOOKUP_RCU
>   mode.

Looks sane, but there's another piece of fun in gfs_permission():
        gl = rcu_dereference_check(ip->i_gl, !may_not_block);
        if (unlikely(!gl)) {
                /* inode is getting torn down, must be RCU mode */
                WARN_ON_ONCE(!may_not_block);
                return -ECHILD;
        }
        if (gfs2_glock_is_locked_by_me(ip->i_gl) == NULL) {
                int noblock = may_not_block ? GL_NOBLOCK : 0;
                error = gfs2_glock_nq_init(ip->i_gl, LM_ST_SHARED,
                                           LM_FLAG_ANY | noblock, &i_gh);
                if (error)
                        return error;
        }

See the problem?  In RCU mode we carefully fetch ->i_gl and verify
it's not NULL.  Then we proceed to dereference it again.

IOW, these ip->i_gl below ought to be replaced with gl, or you are
risking a compiler fetching the sucker again and getting NULL this
time around.
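The double fetch described above, reduced to a user-space model (an added example for this archive page; it is not code from the message or from the gfs2 tree). The struct names, load_glock(), teardown_hook and the constructed errno values are stand-ins for the kernel's own, and the concurrent teardown of ->i_gl is simulated by a hook that fires between the two loads so the race is deterministic. permission_refetch() follows the pattern Al objects to (validate the first load, then read ip->i_gl again); permission_local() keeps using the pointer it validated.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types; not gfs2's definitions. */
struct glock { int state; };
struct inode_like { struct glock *i_gl; };

/* Constructed errno values; only their sign matters here. */
#define ECHILD 10
#define EFAULT 14

/* Simulated concurrent teardown: in RCU-walk mode another CPU may clear
 * ip->i_gl between any two loads of the field.  Modelled as a hook that
 * runs after the first load so the example behaves the same every run. */
static void (*teardown_hook)(struct inode_like *ip);

static void clear_glock(struct inode_like *ip)
{
    ip->i_gl = NULL;
}

/* Each call is a fresh load from memory, like a separate ip->i_gl read
 * that the compiler is free to emit after rcu_dereference_check(). */
static struct glock *load_glock(struct inode_like *ip)
{
    return *(struct glock *volatile *)&ip->i_gl;
}

/* Pattern under discussion: check the first fetch, then re-read the
 * field for the real work.  Returns -EFAULT instead of dereferencing
 * NULL so the failure can be reported rather than crash the process. */
static int permission_refetch(struct inode_like *ip)
{
    struct glock *gl = load_glock(ip);
    if (!gl)
        return -ECHILD;                /* inode being torn down, RCU mode */
    if (teardown_hook)
        teardown_hook(ip);             /* the window between the two loads */
    struct glock *again = load_glock(ip);   /* second fetch of ip->i_gl */
    if (!again)
        return -EFAULT;                /* the kernel would oops here */
    return again->state;
}

/* Corrected pattern: every later use goes through the validated local. */
static int permission_local(struct inode_like *ip)
{
    struct glock *gl = load_glock(ip);
    if (!gl)
        return -ECHILD;
    if (teardown_hook)
        teardown_hook(ip);             /* same window, no longer matters */
    return gl->state;                  /* still the pointer we checked */
}

/* Run one variant with or without the simulated teardown; returns the
 * glock state (1, a constructed "shared" value) or a negative errno. */
int run_scenario(int with_teardown, int use_local)
{
    struct glock gl = { .state = 1 };
    struct inode_like ip = { .i_gl = &gl };
    int rc;

    teardown_hook = with_teardown ? clear_glock : NULL;
    rc = use_local ? permission_local(&ip) : permission_refetch(&ip);
    teardown_hook = NULL;
    return rc;
}

int main(void)
{
    printf("refetch, no race : %d\n", run_scenario(0, 0));
    printf("refetch, race    : %d\n", run_scenario(1, 0));
    printf("local,   no race : %d\n", run_scenario(0, 1));
    printf("local,   race    : %d\n", run_scenario(1, 1));
    return 0;
}
```

Only the refetching variant fails when the teardown lands between the loads; holding the pointer in a local means the second use cannot observe a value the check never saw.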


Thread overview: 19+ messages
2024-01-19 21:20 [PATCH 0/9] gfs2: Bugs in "Use GL_NOBLOCK flag for non-blocking lookups" Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 1/9] gfs2: Fix gfs2_drevalidate NULL pointer dereference Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 2/9] gfs2: Pass FGP flags to gfs2_getbuf Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 3/9] gfs2: Split gfs2_meta_read_async off from gfs2_meta_read Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 4/9] gfs2: Add FGP_NOWAIT support to gfs2_meta_read_async Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 5/9] gfs2: Pass FGP flags to gfs2_meta_{,inode_}buffer Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 6/9] gfs2: Pass FGP flags to gfs2_dirent_search Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 7/9] gfs2: Pass FGP flags to gfs2_dir_check Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 8/9] gfs2: Minor gfs2_drevalidate cleanup Andreas Gruenbacher
2024-01-19 21:20 ` [PATCH 9/9] gfs2: Fix LOOKUP_RCU support in gfs2_drevalidate Andreas Gruenbacher
2024-01-20  1:36 ` [PATCH 0/9] gfs2: Bugs in "Use GL_NOBLOCK flag for non-blocking lookups" Al Viro
2024-01-20  1:38   ` Al Viro
2024-01-22 12:52 ` Andrew Price
2024-02-02  4:23 ` Al Viro [this message]
2024-02-02  4:34   ` Al Viro
2024-02-02 16:32     ` Andreas Gruenbacher
2024-02-02  4:59   ` Al Viro
2024-02-02  5:02     ` Al Viro
2024-02-02 17:09     ` Andreas Gruenbacher
